4 Replies Latest reply on Jul 25, 2018 9:02 AM by gelvgren

    NPE when doing session.invalidate with single-sign-on

    gelvgren

      I have been converting our application from Wildfly 9 to Wildfly 13 and encountered the following error when logging out of our site.

      The <single-sign-on> element has been added to the undertow/server/host standalone.xml configuration.

       

      Caused by: java.lang.NullPointerException

      at io.undertow.server.session.InMemorySessionManager$SessionImpl.requestStarted(InMemorySessionManager.java:459)

      at io.undertow.server.session.InMemorySessionManager.getSession(InMemorySessionManager.java:218)

      at org.wildfly.clustering.web.undertow.sso.DistributableSingleSignOn$InvalidatableSession.invalidate(DistributableSingleSignOn.java:182)

      at io.undertow.security.impl.SingleSignOnAuthenticationMechanism$SessionInvalidationListener.sessionDestroyed(SingleSignOnAuthenticationMechanism.java:207)

      at io.undertow.server.session.SessionListeners.sessionDestroyed(SessionListeners.java:61)

      at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:586)

      at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:560)

      at io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:198)

       

      From looking at the code, it looks like InMemorySessionManager requestStarted() could be improved by checking for a null parameter value but I was wondering if there was some other possible configuration that has been added that would avoid this problem.